LinuxQuestions.org
Old 01-05-2006, 11:39 AM   #16
alaskazimm
Member
 
Registered: Mar 2004
Location: Watching it snow in bush Alaska
Distribution: *ubuntu, Smoothwall, WinXP Pro
Posts: 126

Rep: Reputation: 15

That twas Mark Twain.
 
Old 01-05-2006, 11:55 AM   #17
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
I don't see why a virus would not exist on Linux...
Under Windows you can also run as an unprivileged user and only run a few things with runas as admin.

To me, the reason there are no known viruses under Linux is:
-> The user is a bit more clever
-> There are fewer Linux desktops running

To make things clear, I am a Linux addict, don't get me wrong

Or am I fortunately wrong?
 
Old 01-05-2006, 03:54 PM   #18
SciYro
Senior Member
 
Registered: Oct 2003
Location: hopefully not here
Distribution: Gentoo
Posts: 2,038

Rep: Reputation: 51
Linux viruses aren't, or won't be, widespread for a few reasons.

First off, most viruses are just stupid scripts, and expect the system to be laid out in a certain way; most distros differ in their layout, some by a little, others by a lot. So a virus would have a harder time trying to change system files if it doesn't know where they are.

Similar to the reason above, viruses that are binary code would have a bit of a problem. If they make use of libraries, those libs might not be present, or they might be a different version, or the distro was compiled with some weird options that make the libraries inaccessible to the binary virus.

Those 2 reasons would limit a virus to a specific distro, or to a subset of all the distros.

Viruses need to be activated by users normally, in any case, on a proper system, the virus could only be installed and run under the current user. This leaves the virus with a small problem if the current user can't be used to spread itself. Assuming the virus had no intention of spreading by the network (due to a firewall blocking email traffic normal users, or something so it can't use the network like it wants to), but instead install a rootkit of sorts, you still need to install that rootkit. The virus would need to exploit a hole in the kernel to get root privs (without the user knowing). This alone would be a hard task, patches could be coming fast, but once the virus becomes root, it can install a rootkit and backdoor.

Other ways to get root would be for the virus to "use" a root-running service, with the intent to hijack that program/service while it's running. This would be very hard on secure systems, where no service is run as root, or at least they run in a jail so they can't kill the rest of the system.

Both exploit routes would require certain versions of programs/kernels be installed, as it's likely that an exploit would only work in a certain number of versions. On top of that, secure systems would have extra kernel patches to prevent unknown software from running, and possibly other security patches to make any root-getting exploit harder.

Granted most systems wouldn't be as secure as I say here, but a virus would still be limited to just a subset of all the linux distros, due to layout issues/security in distros/some custom obfuscations to make it harder.

The smarter viruses would probably be perl/php/python/some script so it can run on any system with that package installed. A smart virus might even be able to scan your system files to find what it wants to change. But, you're still left with the small problem of that pesky privs problem, so it's not like total morons are going to be making linux/bsd viruses on the mass scale (percentage wise, of the total linux/bsd base) anytime soon. And in the future, the scripting languages might even be protected from users that don't need to use them, making it harder for viruses to spread easily.
 
Old 01-05-2006, 05:16 PM   #19
primo
Member
 
Registered: Jun 2005
Posts: 542

Rep: Reputation: 34
Quote:
Originally Posted by SciYro
Linux viruses aren't, or won't be, widespread for a few reasons.
[...]
viruses that are binary code would have a bit of a problem. If they make use of libraries, those libs might not be present, or they might be a different version, or the distro was compiled with some weird options that make the libraries inaccessible to the binary virus.

What kind of libraries? OpenSSL? libpcap?
The most obvious is glibc, but real viruses are coded in assembler and it's trivial to make them use system calls instead.

I think the main reason that viruses aren't normally written for Unix environments is that it's a waste of root privileges. It'd be better to install a backdoor and make the box part of a zombie network to conduct more attacks.

The most obvious line of defense is to never run browsers, media players, image viewers and even archive decompressors with the root account. These image exploits are a nasty thing. This, and tripwire will make your box secure to trojans & viruses.

Quote:
Viruses need to be activated by users normally

If you run any of the programs mentioned above, if they're exploitable, then it'd be automatic... If you run them as root, then they could deactivate the firewall, etc...

Quote:
Both exploit routes would require certain versions of programs/kernels be installed, as it's likely that an exploit would only work in a certain number of versions.

The current infrastructure of metasploit is an example of the abstraction that may be possible in future exploits that wouldn't need to contain the whole menu... It could just download shellcode and apply it.

Viruses simply can't breathe as they can in Windows environments. There are worse specimens than viruses for Unix...
 
Old 01-05-2006, 06:30 PM   #20
BajaNick
Senior Member
 
Registered: Jul 2003
Location: So. Cal.
Distribution: Slack 11
Posts: 1,737

Rep: Reputation: 46
Quote:
Originally Posted by yenonn
No, it is not true.
 
Old 01-05-2006, 09:46 PM   #21
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,644
Blog Entries: 4

Rep: Reputation: 3933
Most infestations that I have seen use some vulnerability in a running service that is running as root, which on standard Linux/Unix systems is necessary only to open TCP/IP port-numbers lower than #1024. Or, the user is very careless with passwords and a dictionary attack succeeds.

In any case, I think it safe to say that the Linux community at large is not categorically "careless." If you use Linux at all at this point, you probably know a fair bit more than the common-bloke about computers!

The Windows community at-large, per contra, is categorically uninformed. (Not clueless, not by any means stupid, but seriously uninformed.) And there are millions of machines out there where privilege escalation is simply not required: everyone runs everything as "root."

I do expect this to change. Microsoft recently shipped a security-wizard which does a pretty darned good automated job of locking-up some of the common holes in (at least) Server systems ... this being where I first encountered it; I don't know how widespread it's being shipped. These people are not stupid and their system is not brain-dead; I expect "security" to be rolled out with much fanfare .. oh, about x+2 years from now, where it will be proudly called a "feature" and the Gartner Group will dutifully sing its praises.
 
Old 01-05-2006, 11:06 PM   #22
SciYro
Senior Member
 
Registered: Oct 2003
Location: hopefully not here
Distribution: Gentoo
Posts: 2,038

Rep: Reputation: 51
Actually, you can set the kernel so other users/programs can use the lower TCP ports. I think it's possible somewhere in the /proc mess, but also by using RSBAC to set root capabilities on individual programs (like giving them access to the lower TCP ports, but not root access to the file system). It can also be used to limit programs that run as root, or even limit root itself, or to make other users "root". So there's little need to run services as root at all, or at least not with full root privs.
 
Old 01-06-2006, 11:22 AM   #23
Charred
Member
 
Registered: Mar 2005
Location: Utah, USA
Distribution: Slackware 11
Posts: 816
Blog Entries: 2

Rep: Reputation: 30
Quote:
Originally Posted by alaskazimm
That twas Mark Twain.
That's right. Thanks alaskazimm!
 
Old 01-06-2006, 11:05 PM   #24
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Quote:
Originally Posted by bigearsbilly
does it?
evidence?

I've never ever ever had one, well not one that does anything I know about like pop-ups porn
CPU usage, adware, ethernet usage, or any out of the way behaviour at all.
So maybe I've had one that doesn't do anything at all.

Have you ever had one?
Do you know anyone who has ever had one?

Just interested.
We've had several threads in the security forum where people had systems infected with Linux viruses. Cracking tools are commonly found to be infected with things like Linux-RST. In fact even a Korean Mozilla binary was recently found to be infected (see Sept 21 entry):

http://www.mozilla.org/security/

//Has some on disk downstairs
 
Old 01-06-2006, 11:48 PM   #25
llmmix
Member
 
Registered: Jun 2005
Posts: 73

Rep: Reputation: 15
Huh? linux is so opened to scare virii/rootkit.
Don't be afraid to be hacked, then will waste time to experience something new..
 
Old 01-08-2006, 02:10 PM   #26
efi
LQ Newbie
 
Registered: Nov 2004
Location: Athens,Greece
Posts: 30

Rep: Reputation: 15
Linux is not as vulnerable as Windows but it is a stable and secure system, and this is the main reason why people switch. This article does not describe the main differences of all the systems it names.
 
Old 01-08-2006, 07:25 PM   #27
yenonn
Member
 
Registered: Feb 2003
Location: Malaysia
Distribution: Redhat 8.0, 9, Slackware 9.1
Posts: 511

Original Poster
Rep: Reputation: 30
http://www.zdnet.com.au/news/securit...9231787,00.htm

here is another to clarify
 
Old 01-09-2006, 08:13 AM   #28
bigearsbilly
Senior Member
 
Registered: Mar 2004
Location: england
Distribution: Mint, Armbian, NetBSD, Puppy, Raspbian
Posts: 3,515

Rep: Reputation: 239
Quote:
Originally Posted by Capt_Caveman
We've had several threads in the security forum where people had systems infected with Linux viruses. Cracking tools are commonly found to be infected with things like Linux-RST. In fact even a Korean Mozilla binary was recently found to be infected (see Sept 21 entry):
Looked at the mozilla report.

Still not convinced there's a serious threat to me.

Sounds more like a trojan to me anyway, depends upon user downloading and installing it.
Not just sitting there like a dos user and then wham-o.

Although people like symantec, norton etc. try scaremongering a bit
(maybe a fearful populace is in their interest?)

All I say is, don't lose sleep.
 
Old 01-13-2006, 04:47 PM   #29
fdigiov
LQ Newbie
 
Registered: Jan 2006
Posts: 3

Rep: Reputation: 0
"Still not convinced there's a serious threat to me" yep
 
Old 01-13-2006, 08:01 PM   #30
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Quote:
Looked at the mozilla report. Still not convinced there's a serious threat to me.

You might feel different if you were a native Korean speaker who had to rebuild his system...

Quote:
Sounds more like a trojan to me anyway, depends upon user downloading and installing it.
Not just sitting there like a dos user and then wham-o.

It's an ELF infector, which distinguishes it from a trojan according to most definitions. Run it on your system and it will infect all executables it has write access to in that dir and in /bin. If you want to make up your own definitions, then that's fine and I'm not going to argue over the semantics of it.

Quote:
Although people like symantec, norton etc. try scaremongering a bit (maybe a fearful populace is in their interest?) All I say is, don't lose sleep.

I'm not suggesting they're some huge threat. You asked for evidence of their existence and seemed to suggest they don't. They clearly do and IMHO walking around saying they don't exist does as much of a disservice as fear-mongering. Having knowledge allows people to make informed decisions for themselves. You don't think viruses are a serious threat, great, honestly I really don't either...I think there are much more important threats out there for people to worry about, but that still doesn't change my point.
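
Added example (not part of the thread and not any poster's code): an audit that lists the ELF files in a set of directories that a given account could modify in place, which is the precondition described above for a file infector and the reason for the earlier advice not to run desktop programs as root. The function names are this example's own, and the check assumes classic owner/group/other mode bits only.

```python
import os
import stat

ELF_MAGIC = b"\x7fELF"  # first four bytes of every ELF file

def is_elf(path):
    """True if the file starts with the ELF magic number."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4) == ELF_MAGIC
    except OSError:
        return False

def writable_by(st, uid, gids):
    """Owner/group/other write check; ignores ACLs, read-only mounts, immutable flags."""
    if uid == 0:
        return True  # root bypasses mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def exposed_elf_files(directories, uid, gids):
    """Sorted paths of regular ELF files that `uid` could modify in place."""
    exposed = []
    for directory in directories:
        try:
            entries = list(os.scandir(directory))
        except OSError:
            continue  # missing or unreadable directory
        for entry in entries:
            if not entry.is_file(follow_symlinks=False):
                continue  # skip symlinks, directories, devices
            st = entry.stat(follow_symlinks=False)
            if is_elf(entry.path) and writable_by(st, uid, gids):
                exposed.append(entry.path)
    return sorted(exposed)

if __name__ == "__main__":
    # Audit the current directory and /bin for the account running the script.
    me, groups = os.geteuid(), set(os.getgroups()) | {os.getegid()}
    for path in exposed_elf_files([os.getcwd(), "/bin"], me, groups):
        print("writable ELF:", path)
```

Run as an ordinary user on a default install, the /bin part of the list should be empty; run as root, every ELF file is listed, which is the exposure the posts above warn about.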
 